Microsoft Brings Windows 10's Breach-Detection Service to Older OSes

Originally introduced two years ago for Windows 10 clients, Microsoft's Windows Defender Advanced Threat Protection (ATP) service will soon be available to Windows 7 and Windows 8.1 machines, as well.

The service will be available as a public preview this spring, Microsoft indicated in an announcement this week. Broader availability is slated for sometime "this summer," which perhaps means it'll be available for production use then.

Windows Defender ATP is a post-breach detection service that uses machine learning and Microsoft's security expertise to detect threats in computing environments. Microsoft later indicated it was adding auto-remediation capabilities to this service through its integration of Hexadite technology, so the service is also designed to automatically fix security problems.

Late last year, Microsoft suggested that Windows Defender ATP could protect Windows Server 2012 R2 and Windows Server 2016 machines, too, and its security was also extended to Linux devices, including Android, iOS and macOS machines, via partnerships with software security providers Bitdefender, Lookout and Ziften.

Now, Microsoft is offering Windows Defender ATP support to older Windows clients, even though Windows 7 will fall out of "extended support" about two years from now on Jan. 14, 2020. The use of Windows Defender ATP requires having Microsoft 365 E5 licensing, according to this Microsoft 365 Enterprise document.

Microsoft's announcement described Windows Defender ATP as a "behavioral based EDR [Endpoint Detection and Response] solution," perhaps reflecting the integration of Hexadite's auto-remediation technologies. IT pros use the Windows Defender Security Center to view its detection information.

Organizations can use their own client security solutions with Windows Defender ATP, although Microsoft's announcement suggested that it works better when used with either Windows Defender Antivirus for Windows 10 or System Center Endpoint Protection for "down-level" Windows operating systems (namely, Windows 7 and Windows 8.1).

"With Windows Defender Antivirus, security teams can see all malware detections and trigger response actions to prevent the spread of malware, in the same console," Microsoft's announcement explained. Microsoft seems to be suggesting that there are console advantages to using Microsoft's anti-malware solutions with Windows Defender ATP, but it's not exactly clear why that would be the case.

Microsoft also announced on Monday that it added a new Windows Defender ATP partner, SentinelOne, adding its Endpoint Protection Platform solution.

The SentinelOne Endpoint Protection Platform provides "static and behavioral AI engines to provide multilayered prevention, detection, and response as well as encrypted traffic inspection using one autonomous agent," according to Microsoft's announcement. The machine learning-based SentinelOne service provides information from Linux and Mac devices into the Windows Defender ATP console, according to an announcement by SentinelOne, and it also has auto-remediation capabilities on top of its threat-detection abilities. The integrated SentinelOne solution is currently available at the "beta access" stage.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Microsoft Bolsters Its 5G Chops with Affirmed Networks Acquisition

    Microsoft has acquired Affirmed Networks, buttressing its software-defined networking services just as mobile operators start rolling out 5G wireless technologies.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft To Expand Support for Partner-Built MFA in Azure AD

    Microsoft plans to improve the ability of organizations to use third-party multifactor authentication solutions with the Microsoft Azure AD service.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.